As the Chief Information Security Officer (CISO) for our Group's NBFC and Agro Trading entities, your role will involve establishing and leading the information security strategy to ensure compliance with RBI cybersecurity guidelines, data privacy laws, and sectoral best practices. Your responsibilities will include:
• Developing and implementing the Group-wide Information & Cyber Security Framework in alignment with RBI NBFC Cybersecurity Directions, ISO 27001, and NIST standards.• Establishing governance mechanisms to oversee security in financial and agri-trading operations.• Driving group-level cybersecurity policies, SOPs, and awareness programs.• Reporting regularly to the Board / Risk & Audit Committee on cybersecurity posture, risks, and incidents.Additionally, you will be responsible for:
• Ensuring compliance with RBIs Cyber Security Framework for NBFCs, CERT-In directives, and relevant data privacy regulations (DPDP Act).• Conducting periodic IT & IS audits, vulnerability assessments, and penetration tests.• Managing regulatory inspections, audits, and reporting requirements.• Establishing a risk-based approach to protect sensitive customer, financial, and trading data.You will also oversee:
• Establishing a Security Operations Centre (SOC) / outsource managed services for continuous monitoring.• Defining and leading the Incident Response Plan (IRP) including detection, containment, investigation, and recovery.• Coordinating cyber crisis management and business continuity planning across group entities.• Overseeing endpoint security, data protection, identity & access management, and fraud monitoring.Furthermore, your role will involve:
• Implementing and monitoring network, application, and cloud security controls.• Securing digital lending platforms, Oracle NetSuite ERP, mobile apps, and multiple customer portals for Agri Finance and Agri trading entities.• Ensuring trading operations (ERP, commodity platforms, Digital Marketplaces, External Interfaces) are safeguarded from cyber threats.• Defining secure DevSecOps practices for in-house and/or outsourced application development.In terms of leadership and stakeholder management, you will be required to:
• Lead the Information Security team and coordinate with IT, Risk, Compliance, Legal, and Business Units.• Work with external vendors, cybersecurity consultants, and regulators.• Build a culture of security awareness across employees, agents, and third parties.• Act as the single point of accountability for group-level cybersecurity.**Qualifications & Experience
• Bachelors degree in IT/Computer Science/Engineering; Masters preferred.• Certifications: CISSP / CISM / CISA / ISO 27001 Lead Implementer / CRISC (preferred).• 12+ years of IT/Information Security experience, with at least 5 years in a leadership role.• Proven experience in NBFC / BFSI cybersecurity compliance. Exposure to agri trading systems is an advantage.• Strong understanding of RBI NBFC guidelines, DPDP Act, NIST, ISO 27001, cloud security, fraud risk management. As the Chief Information Security Officer (CISO) for our Group's NBFC and Agro Trading entities, your role will involve establishing and leading the information security strategy to ensure compliance with RBI cybersecurity guidelines, data privacy laws, and sectoral best practices. Your responsibilities will include:• Developing and implementing the Group-wide Information & Cyber Security Framework in alignment with RBI NBFC Cybersecurity Directions, ISO 27001, and NIST standards.• Establishing governance mechanisms to oversee security in financial and agri-trading operations.• Driving group-level cybersecurity policies, SOPs, and awareness programs.• Reporting regularly to the Board / Risk & Audit Committee on cybersecurity posture, risks, and incidents.Additionally, you will be responsible for:
• Ensuring compliance with RBIs Cyber Security Framework for NBFCs, CERT-In directives, and relevant data privacy regulations (DPDP Act).• Conducting periodic IT & IS audits, vulnerability assessments, and penetration tests.• Managing regulatory inspections, audits, and reporting requirements.• Establishing a risk-based approach to protect sensitive customer, financial, and trading data.You will also oversee:
• Establishing a Security Operations Centre (SOC) / outsource managed services for continuous monitoring.• Defining and leading the Incident Response Plan (IRP) including detection, containment, investigation, and recovery.• Coordinating cyber crisis management and business continuity planning across group entities.• Overseeing endpoint security, data protection, identity & access management, and fraud monitoring.Furthermore, your role will involve:
• Implementing and monitoring network, application, and cloud security controls.• Securing digital lending platforms, Oracle NetSuite ERP, mobile apps, and multiple customer portals for Agri Finance and Agri trading